Emission of Audit Messages - dcm4che/dcm4chee-arc-light GitHub Wiki
DCM4CHEE Archive 5.x supports security auditing for the described Audit Trail Profiles.
To help assure healthcare privacy and security in automated systems, usage data need to be collected. These data will be reviewed by administrative staff to verify that healthcare data is being used in accordance with the healthcare provider's data security requirements and to establish accountability for data use. This data collection and review process is called security auditing, and the data itself comprises the audit trail. Audit trails can be used for surveillance purposes to detect when interesting events might be happening that warrant further investigation.
Audit messages can be sent to one or more audit record repositories.
The archive's default and sample configurations already contain the configurations below, i.e. one Audit Logger and one Audit Record Repository. Repeat the configurations below to send audit messages to multiple audit record repositories.
Go to `Menu -> Configuration`.

- Select `dcm4chee-arc` device.
- Go to `Child Objects -> Network Connections`.
  - (Optional) Change host of pre-configured `syslog` or `syslog-tls` connections.
- Go to `Extensions -> Device Extension -> Child Objects -> Audit Logger -> Attributes`.
  - (Optional) Verify `Network Connection Reference` reflects changed host.
- Go to `Extensions -> Device Extension -> Archive Device Extension -> Attributes`.
  - Set values to the fields: `Audit Polling Interval`, `Audit Aggregate Duration`, `Audit Spool Directory`.

Required only for a secured archive, i.e. when either or both of the archive UI and REST services are secured.

- Select `keycloak` device.
- Go to `Child Objects -> Network Connections`.
  - (Optional) Change host of pre-configured `syslog` or `syslog-tls` connections.
- Go to `Extensions -> Device Extension -> Child Objects -> Audit Logger -> Attributes`.
  - (Optional) Verify `Network Connection Reference` reflects changed host.

- Select `logstash` device.
- Go to `Child Objects -> Network Connections`.
  - (Optional) Change host of pre-configured `syslog` or `syslog-tls` connections.
- Go to `Extensions -> Device Extension -> Audit Record Repository Device Extension -> Attributes`.
  - (Optional) Verify `Network Connection Reference` reflects changed host.

Once the configurations below are complete, reload the configuration using archive UI `Menu -> Configuration -> Control`.

Either create an LDIF file e.g.,
```
version: 1

# Audit timing and spool settings on the archive device
dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: modify
add: dcmAuditPollingInterval
dcmAuditPollingInterval: PT5M
-

dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: modify
add: dcmAuditAggregateDuration
dcmAuditAggregateDuration: PT1M
-

dn: dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: modify
add: dcmAuditSpoolDirectory
dcmAuditSpoolDirectory: ${jboss.server.data.dir}/audit-spool
-

# Audit Logger of the archive device, referencing the logstash Audit Record Repository
dn: cn=Audit Logger,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dcmAuditSourceTypeCode: 4
dcmAuditRecordRepositoryDeviceReference: dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmAuditLogger
dicomNetworkConnectionReference: cn=syslog,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomNetworkConnectionReference: cn=syslog-tls,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
cn: Audit Logger

# Outgoing syslog connection over UDP
dn: cn=syslog,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dicomHostname: localhost
objectClass: dicomNetworkConnection
objectClass: dcmNetworkConnection
dcmProtocol: SYSLOG_UDP
dcmClientBindAddress: 0.0.0.0
cn: syslog

# Outgoing syslog connection over TLS, not installed in this sample
dn: cn=syslog-tls,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dicomInstalled: FALSE
dicomHostname: localhost
objectClass: dicomNetworkConnection
objectClass: dcmNetworkConnection
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
dcmProtocol: SYSLOG_TLS
dcmClientBindAddress: 0.0.0.0
cn: syslog-tls
```
and import it to the LDAP Server by using the ldapmodify command line utility, or use the Add Attribute... and Add Value... function of Apache Directory Studio to add attributes on Device level (e.g., `dicomDeviceName=dcm4chee-arc`).

Refer to Archive Device, Audit Logger and Network Connection for the description of the attributes.

Refer to the ISO-8601 Duration format for more details on durations.

Required only for a secured archive, i.e. when either or both of the archive UI and REST services are secured.

Either create an LDIF file, e.g.,
```
version: 1

# Audit Logger of the keycloak device, referencing the logstash Audit Record Repository
dn: cn=Audit Logger,dicomDeviceName=keycloak,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dcmAuditSourceTypeCode: 4
dcmAuditRecordRepositoryDeviceReference: dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmAuditLogger
dicomNetworkConnectionReference: cn=syslog,dicomDeviceName=keycloak,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomNetworkConnectionReference: cn=syslog-tls,dicomDeviceName=keycloak,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
cn: Audit Logger

# Outgoing syslog connection over UDP
dn: cn=syslog,dicomDeviceName=keycloak,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dicomHostname: localhost
objectClass: dicomNetworkConnection
objectClass: dcmNetworkConnection
dcmProtocol: SYSLOG_UDP
dcmClientBindAddress: 0.0.0.0
cn: syslog

# Outgoing syslog connection over TLS, not installed in this sample
dn: cn=syslog-tls,dicomDeviceName=keycloak,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dicomInstalled: FALSE
dicomHostname: localhost
objectClass: dicomNetworkConnection
objectClass: dcmNetworkConnection
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
dcmProtocol: SYSLOG_TLS
dcmClientBindAddress: 0.0.0.0
cn: syslog-tls
```
and import it to the LDAP Server by using the ldapmodify command line utility, or use the Add Attribute... and Add Value... function of Apache Directory Studio to add attributes on Device level (e.g., `dicomDeviceName=dcm4chee-arc`).

Refer to Audit Logger and Network Connection for the description of the attributes.

Either create an LDIF file e.g.,
```
version: 1

# Device that represents the audit record repository
dn: dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
objectClass: dcmDevice
objectClass: dicomDevice
dicomDeviceName: logstash
dicomInstalled: TRUE
dicomPrimaryDeviceType: LOG

# Listening syslog connection over UDP
dn: cn=syslog,dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
objectClass: dcmNetworkConnection
objectClass: dicomNetworkConnection
dicomHostname: localhost
cn: syslog
dcmProtocol: SYSLOG_UDP
dicomPort: 514

# Listening syslog connection over TLS, not installed in this sample
dn: cn=syslog-tls,dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
dicomInstalled: FALSE
dicomHostname: localhost
dicomPort: 6514
objectClass: dicomNetworkConnection
objectClass: dcmNetworkConnection
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
dcmProtocol: SYSLOG_TLS
cn: syslog-tls

# Audit Record Repository extension, bound to both connections
dn: cn=Audit Record Repository,dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
changetype: add
objectClass: dcmAuditRecordRepository
cn: Audit Record Repository
dicomNetworkConnectionReference: cn=syslog,dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomNetworkConnectionReference: cn=syslog-tls,dicomDeviceName=logstash,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
```
and import it to the LDAP Server by using the ldapmodify command line utility, or use the Add Attribute... and Add Value... function of Apache Directory Studio to add attributes on Device level (e.g., `dicomDeviceName=logstash`).

Refer to Device for the description of the attributes.

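
The sample connections above send audit records over plain UDP, leave the `syslog-tls` connection not installed (`dicomInstalled: FALSE`) and list only a static-RSA CBC suite and a 3DES suite. The following check, added here as an example (not dcm4che code), flags those settings in an exported LDIF; the cipher-suite rules and the treatment of a missing `dicomInstalled` as enabled are assumptions of this sketch.

```python
import re
# Constructed sample: the two connection entries from the LDIF above, trimmed.
SAMPLE_LDIF = """\
dn: cn=syslog,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmProtocol: SYSLOG_UDP

dn: cn=syslog-tls,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomInstalled: FALSE
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
dcmProtocol: SYSLOG_TLS
"""

RULES = [(r"3DES", "3DES, 64-bit block cipher"),
         (r"RC4|NULL|EXPORT|anon", "broken or unauthenticated suite"),
         (r"^(TLS|SSL)_RSA_WITH_", "static RSA key exchange, no forward secrecy")]

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and "-" separators
            key, _, value = line.partition(":")
            rec.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in rec:
            yield rec

def weakness(suite):
    """Return the first matching reason (rules are this example's assumptions), else None."""
    return next((why for pat, why in RULES if re.search(pat, suite)), None)

def lint(text):
    """Return (connection, finding) pairs for weak audit transports."""
    findings = []
    for rec in parse_ldif(text):
        cn = rec["dn"][0].split(",")[0]
        proto = rec.get("dcmprotocol", [""])[0]
        # A missing dicomInstalled is inherited from the device; assumed enabled here.
        enabled = rec.get("dicominstalled", ["TRUE"])[0].upper() != "FALSE"
        if proto == "SYSLOG_UDP" and enabled:
            findings.append((cn, "audit records sent in clear text over UDP"))
        if proto == "SYSLOG_TLS":
            if not enabled:
                findings.append((cn, "TLS connection disabled"))
            findings += [(cn, f"{s}: {w}") for s in rec.get("dicomtlsciphersuite", [])
                         if (w := weakness(s))]
    return findings
```

With the UDP connection set to `dicomInstalled: FALSE`, `syslog-tls` installed and a suite such as `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `lint` returns no findings.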
- Start syslogd tool.
- Test one of the Audit Trail Profiles.
- Once the configured `Audit Polling Interval` is reached, verify the audit message sent in XML format to syslogd tool.
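
What the last verification step can check programmatically, as an added example (not part of dcm4che or its syslogd tool): it splits one received syslog line, refuses payloads that carry a DTD, and extracts the event code, outcome and user from the audit XML. The sample line is constructed and assumes RFC 5424 framing; host, user, process id and timestamps are made up.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: one RFC 5424 syslog line carrying an audit message.
# Host, user, timestamps and process id are made up for illustration.
SAMPLE = (
    '<85>1 2024-05-01T10:15:30.123+02:00 archive-host dcm4chee-arc 1234 IHE+RFC-3881 - '
    '\ufeff<?xml version="1.0" encoding="UTF-8"?><AuditMessage>'
    '<EventIdentification EventActionCode="E" EventOutcomeIndicator="0"'
    ' EventDateTime="2024-05-01T10:15:30.120+02:00">'
    '<EventID csd-code="110114" codeSystemName="DCM" originalText="User Authentication"/>'
    '</EventIdentification>'
    '<ActiveParticipant UserID="constructed-user" UserIsRequestor="true"/>'
    '<AuditSourceIdentification AuditSourceID="dcm4chee-arc"/>'
    '</AuditMessage>'
)

# PRI, version 1, timestamp, host, app, procid, msgid, structured data, message
HEADER = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\]) ?(.*)", re.S)
OUTCOME = {"0": "success", "4": "minor failure", "8": "serious failure", "12": "major failure"}

def parse_audit(line):
    """Split the syslog header and return the audit fields worth checking."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog message")
    pri, _ts, host, app, _procid, msgid, _sd, msg = m.groups()
    xml_text = msg.lstrip("\ufeff")  # the payload may start with a UTF-8 BOM
    # Audit messages need no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in audit payload rejected")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "AuditMessage":
        raise ValueError("payload is not an AuditMessage")
    event = root.find("EventIdentification")
    return {
        "facility": int(pri) >> 3, "severity": int(pri) & 7,
        "host": host, "app": app, "msgid": msgid,
        "event_id": event.find("EventID").get("csd-code"),
        "action": event.get("EventActionCode"),
        "outcome": OUTCOME.get(event.get("EventOutcomeIndicator"), "unknown"),
        "users": [p.get("UserID") for p in root.findall("ActiveParticipant")],
        "source": root.find("AuditSourceIdentification").get("AuditSourceID"),
    }
```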